Henry D. Case
6e4abe2d07
* Changes tests so that they pass with draft-23 * BoringSSL interoperability: uses code at most recent commit. It uses "-tls13-variant draft23" flag to indicate compatibility with draft23 * NSS interoperability: Uses release 3.35 * PicoTLS interoperability: blocked. Doesn't seem to implement draft23 * Uses updated bogo from https://github.com/henrydcase/crypto-tls-bogo-shim
59 lines
1.7 KiB
Docker
59 lines
1.7 KiB
Docker
FROM buildpack-deps
|
|
|
|
RUN hg clone https://hg.mozilla.org/projects/nspr
|
|
RUN hg clone https://hg.mozilla.org/projects/nss
|
|
|
|
ENV USE_64=1 NSS_ENABLE_TLS_1_3=1
|
|
# Incremental build snapshot disabled as dependencies don't seem to be solid:
|
|
# the same value changed in a header file would apply to one .c file and not another
|
|
# RUN cd nss && make nss_build_all
|
|
|
|
# Draft 15
|
|
# ARG REVISION=c483e5f9e0bc
|
|
|
|
# Draft 16
|
|
# ARG REVISION=3e7b53b18112
|
|
|
|
# Draft 18
|
|
# ARG REVISION=b6dfef6d0ff0
|
|
|
|
# Draft 18, NSS_3_34_1_RTM (with TLS 1.3 keylogging support)
|
|
# ARG REVISION=e61c0f657100
|
|
|
|
# Draft 22
|
|
#ARG REVISION=88c3f3fa581b
|
|
|
|
# Draft 23
|
|
ARG REVISION=16c622c9e1cc
|
|
|
|
RUN cd nss && hg pull
|
|
RUN cd nss && hg checkout -C $REVISION
|
|
|
|
ADD *.patch ./
|
|
RUN for p in *.patch; do patch -p1 -d nss < $p; done
|
|
|
|
RUN cd nss && make nss_build_all
|
|
|
|
# ENV HOST=localhost
|
|
# RUN cd nss/tests/ssl_gtests && ./ssl_gtests.sh
|
|
|
|
RUN cd nss && make install
|
|
|
|
RUN mv /dist/$(uname -s)$(uname -r | cut -f 1-2 -d . -)_$(uname -m)_${CC:-cc}_glibc_PTH_64_$([ -n "$BUILD_OPT" ] && echo OPT || echo DBG).OBJ /dist/OBJ-PATH
|
|
|
|
ENV LD_LIBRARY_PATH=/dist/OBJ-PATH/lib
|
|
|
|
ENV SSLTRACE=100 SSLDEBUG=100
|
|
|
|
# Init test key using an empty noise (seed) file (-z /dev/null).
|
|
# Use different subjects, otherwise NSS seems to merge keys under the same nickname.
|
|
RUN mkdir /certdb && \
|
|
/dist/OBJ-PATH/bin/certutil -d /certdb -N --empty-password && \
|
|
/dist/OBJ-PATH/bin/certutil -d /certdb -S -n rsa-server -t u -x -s CN=localhost -k rsa -z /dev/null && \
|
|
/dist/OBJ-PATH/bin/certutil -d /certdb -S -n ecdsa-server -t u -x -s CN=localhost,O=EC -k ec -z /dev/null -q nistp256
|
|
|
|
ADD httpreq.txt /httpreq.txt
|
|
ADD run.sh /run.sh
|
|
ADD server.sh /server.sh
|
|
ENTRYPOINT ["/run.sh"]
|